Platform: rails
Component: elektra
Fixed in: 8.0.1
CVE-2024-41961 describes a Remote Code Execution (RCE) vulnerability discovered in Elektra, an OpenStack dashboard. It allows an authenticated user to inject Ruby code through the live search functionality, potentially giving them complete control over the system. The vulnerability affects versions of Elektra prior to commit 8bce00be93b95a6512ff68fe86bf9554e486bc02; the fix is contained in that commit.
The impact of CVE-2024-41961 is severe. Successful exploitation allows an authenticated attacker to execute arbitrary code on the server hosting the Elektra dashboard. This could lead to complete system compromise, including data exfiltration, modification of OpenStack resources, and lateral movement within the network. Given Elektra's role as a dashboard for managing OpenStack services, a successful attack could affect the entire OpenStack environment. Because the injection point is a seemingly innocuous feature such as live search, the barrier to entry for attackers is significantly lower.
CVE-2024-41961 was publicly disclosed on August 1, 2024. There is currently no indication of active exploitation in the wild, but the vulnerability's ease of exploitation and the critical CVSS score suggest it is a high-priority target. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.21% (43rd percentile)
The primary mitigation for CVE-2024-41961 is to upgrade Elektra to 8.0.1, which contains the fix (commit 8bce00be93b95a6512ff68fe86bf9554e486bc02). If an immediate upgrade is not possible, consider implementing input validation on the live search functionality to sanitize user-provided input and prevent the injection of malicious code. Web Application Firewalls (WAFs) configured to detect and block Ruby code injection attempts can provide an additional layer of defense. Review Elektra's access controls to ensure only authorized users have access to the dashboard.
Update Elektra to a release containing the fix from commit 8bce00be93b95a6512ff68fe86bf9554e486bc02 or later. This resolves the remote code execution vulnerability in the universal (live) search functionality.
CVE-2024-41961 is a critical Remote Code Execution vulnerability in Elektra, allowing authenticated users to execute arbitrary code via the live search functionality. It affects versions prior to commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.
You are affected if you are running a version of Elektra that predates commit 8bce00be93b95a6512ff68fe86bf9554e486bc02 (the fix ships in 8.0.1). Verify your version and upgrade immediately.
Upgrade Elektra to 8.0.1 or any build containing commit 8bce00be93b95a6512ff68fe86bf9554e486bc02. If an immediate upgrade is not possible, implement input validation and consider using a WAF.
There is currently no confirmed active exploitation, but the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the Elektra project's official website and security advisories for the latest information and updates regarding CVE-2024-41961.